Blog: Bearmoor Notes

Friday, April 17, 2009

Regulatory Focus - The Changing of the Guard

The financial services industry is one of the most highly regulated industries in America. Therefore; it is of little surprise that the regulatory agencies overseeing the activities of the financial institutions have come under increased scrutiny from Congress. On March 18, 2009 several of the agencies testified before the Subcommittee on Securities, Insurance, and Investment of the Committee on Banking, Housing, and Urban Affairs. The primary purpose of this testimony was to outline what has been learned from the most recent financial crisis as well as what action that the agencies will take to strengthen their supervision and examination processes in the area of risk management activities.

The OCC was one of the agencies that provided testimony to the Subcommittee. Senior Deputy Comptroller Timothy Long presented the OCC’s view on the industry and outlined the role of risk management for within banks. SDC Long’s comments provide insight into the focus and temperature of the regulatory agencies attention to effective risk mitigation functions at financial institutions. Below is an excerpt of SDC Long’s testimony.

The first step in risk-based supervision is to identify the most significant risks and then to determine whether a bank has systems and controls to identify and manage those risks. Next, we assess the integrity and effectiveness of risk management systems, with appropriate validation through transaction testing. This is accomplished through our supervisory process which involves a combination of ongoing monitoring and targeted examinations. The purpose of our targeted examinations is to validate that risk management systems and processes are functioning as expected and do not present any significant supervisory concerns. Our supervisory conclusions, including any risk management deficiencies, are communicated directly to bank senior management. Thus, not only is there ongoing evaluation, but there is also a process for timely and effective corrective action when needed. To the extent we identify concerns; we “drill down” to test additional transactions.

These concerns are then highlighted for management and the Board as “Matters Requiring Attention” (“MRAs”) in supervisory communications. Often these MRAs are line of business specific, and can be corrected relatively easily in the normal course of business. However, a few MRAs address more global concerns such as enterprise risk management or company-wide information security. We also have a consolidated electronic system to monitor and report outstanding MRAs. Each MRA is assigned a due date and is followed-up by on-site staff at each bank. If these concerns are not appropriately addressed within a reasonable period, we have a variety of tools with which to respond, ranging from informal supervisory actions directing corrective measures, to formal enforcement actions, to referrals to other regulators or law enforcement.

Our supervision program includes targeted and on-going analysis of corporate governance at our national banks. This area encompasses a wide variety of supervisory activities including:

· Analysis and critique of materials presented to directors;

· Review of board activities and organization;

· Risk management and audit structures within the organization, including the independence of these structures;

· Reviews of the charters, structure and minutes of significant decision making committees in the bank;

· Review of the vetting process for new and complex products and the robustness of new product controls; and

· Analysis of the appropriateness and adequacy of management information packages used to measure and control risk.

It is not uncommon to find weaknesses in structure, organization, or management information, which we address through MRAs and other supervisory processes described above. But more significantly, at some of our institutions what appeared to be an appropriate governance structure was made less effective by a weak corporate culture, which discouraged credible challenge from risk managers and did not hold lines of business accountable for inappropriate actions.

We all can agree that effective risk mitigation functions within banks will provide for a strong and stable financial system. Therefore the current process needs to be strengthened and improved. It appears as though the regulatory agencies will be increasing their efforts to ensure that such improvements are developed and implemented across each business line. Organizations the fail to do so will be identified and given “special” supervisory oversight.

For the complete testimony of SDC Long please visit: http://www.occ.gov/ftp/release/2009-23b.pdf

No comments: